[SKG]

olge siis ettevaatlikud... sest praegu liikumas viirus nimega Fizzer. kõige tõenäolisem on seda "saada" Kazaa kaudu. mul 6 (loe: kuus) tuttavat juba selle ussi omal masinasse saand ja muud ei aita kui kõvaketta format. noh, eks ta oma enda hooletus ka muidugi enam jaolt!

lisasin kirja lõppu ka meili, mille F-Secure mulle saatis.



PRESS RELEASE

For release May 12, 2003

Fizzer e-mail worm is spreading at an alarming rate

F-Secure is raising the alert to the highest level as Fizzer becomes one of
the most widespread viruses currently in circulation.

Fizzer was first seen on Thursday, 8th of May. Since then it has been
located
from several countries worldwide and it continues to spread at a quick rate.
The largest infections seem to be in Asia, especially in China and Hong
Kong,
but both Europe and USA are hit, too.

Fizzer is a Windows worm, spreading through e-mail and the Kazaa
peer-to-peer
file sharing program. The worm is very complex and misuses the infected
computers in several ways. Fizzer will also attempt to attack several
antivirus programs and try to remove them,
leaving the infected machines vulnerable to infections from other malware as
well.

"This is one of the more complicated worms we've seen", comments Mikko
Hypponen, Manager of Anti-Virus Research at F-Secure. "The worm is 200kB of
code spaghetti, containing backdoors, code droppers, attack agents, key
loggers and even a small web server!"

The Fizzer worm spreads via e-mail as an attachment. The e-mails sent by the
worm vary a lot, as do the names of the attachments, but they always have
extensions of .EXE, .PIF, .SCR or .COM. These e-mails are sent to both
random
addresses as well as to addresses found in the infected computer.

"Fizzer actually creates random e-mail addresses and targets them", explains
Hypponen. "This is done by picking random names and numbers and creating
addresses belonging to large services such as Hotmail - these addresses
might
look like BOB246@MSN.COM or JACK555@YAHOO.COM".

Fizzer tries to terminate various processes in the memory of an infected
computer. This includes processes used by several antivirus products.
However, the worm does not affect F-Secure Anti-Virus. "As this worm is
already widespread, there must now be scores of computers in the internet
without any anti-virus protection - because Fizzer has removed it", comments
Hypponen.

The worm will install a backdoor in all infected systems, allowing the virus
writer to control them - even to remotely look at their monitors. The
infected computers can also be used to launch distributed denial-of-service
attacks against any Internet-connected machines at any time.

A detailed technical description of the worm as well as screenshots are
available in the F-Secure Virus Description Database at
http://www.f-secure.com/v-descs/fizzer.shtml

F-Secure Anti-Virus can detect, stop and disinfect the Fizzer worm. F-Secure
Anti-Virus can be downloaded from http://www.f-secure.com

About F-Secure Corporation

F-Secure Corporation is the leading provider of centrally managed security
solutions for the mobile enterprise. The company's award-winning products
include antivirus, file encryption and network security solutions for major
platforms from desktops to servers and from laptops to handhelds. Founded in
1988, F-Secure has been listed on the Helsinki Exchanges since November
1999.
The company is headquartered in Helsinki, Finland, with the North American
headquarters in San Jose, California, as well as offices in Germany, Sweden,
Japan and the United Kingdom and regional offices in the USA. F-Secure is
supported by a network of value added resellers and distributors in over 90
countries around the globe. Through licensing and distribution agreements,
the company's security applications are available for the products of the
leading handheld equipment manufacturers, such as Nokia and HP.

For more information, please contact:

Mikko Hypponen, Manager, Anti-Virus Research
F-Secure Corporation
Tel. +358 9 2520 5513
Email: Mikko.Hypponen@F-Secure.com

Media contact in the USA:
F-Secure Inc.
Heather Deem,
675 N. First Street, 5th Floor
San Jose, CA 95112
Tel +1 408 350 2178
Fax +1 408 938 6701
Email Heather.Deem@F-Secure.com


Mailing list policy

You have previously expressed interest in our products, or have asked
to be included on one of our press release lists by personally giving us
your e-mail address for this purpose. Our mailing list are for the
exclusive use and the expressed purpose of F-Secure and are not
sold or given to third parties.

If you no longer wish to receive our press releases, or your email address
has been added to our lists without your consent, you can unsubscribe at
http://www.F-Secure.com/news/subscribe.html

If you only wish to receive our press releases concerning viruses,
please go to
http://www.F-Secure.com/news/subscribe.html
and first unsubscribe from
press-english-interest@lists.F-Secure.com
and then subscribe to
press-english-virus-announcement@lists.F-Secure.com


-------------------------------
Marita Nasman-Repo tel: +358 9 2520 5613
Communicator fax : +358 9 2520 5018
mobile: +358 40 517 4613

F-Secure Corporation
http://www.F-Secure.com

Securing the Mobile Enterprise

[_marek]

krt...no mul läks küll kohe kazaa igaks juhuks kinni ja e-maile tuleb ka hoolega chekata...

[Rob D]

kuidas see kazaas liigub kas see tuleb alla tõmmata või kuidas

[MC Riot]

Ei tea kas just format abiks... niipalju kui seal kirjas paistab küll suht ohutu olema (backdoor siis)...
Ja isegi desinfection routine viirusele sisse kirjutatud:)
Igatahes suht kiiresti märgatav viirus- antiviirused ei tööta, firewall kukub kisama, Run on registris ühe key juurde saanud (kui igapäev system kataloogi ei jälgi, siis faile vast ei märka, aga need kolm on küll päris ruttu ära nähe signid)
Ja paras muidugi failivahetsuvendadale:)

[SKG]

no mu sõbral oli seesama uss ja Norton lakkas töötamast ja lõpuks ka Windows - hakkas DLL failide kohta erroreid andma lihtsalt.
ps: no ma ei usu, et Kazaa'st mp3'ede tõmmamisel selle külge saab, aga softi küll ei tasu vist Kazaa'st tõmmata. ma pole tegelt kunagi julgend Kazaa'st progesi tõmmata. vot.

[SKG]

jah, ilmselt saab ka ilma formatita läbi kui õigel ajal jaole saab.

[Spott]

https://foorum.hinnavaatlus.ee/viewtopic.php?t=42431

[Deep Fury]

Paistab, et kommentaare on turvfoorumisse tulnud, lisab enda oma ka siia siis.
Tõsiselt vaeva nähtud ikka selle viiruse tegemisega. Featureid 200 kb sees ikka mõnuga:
keylogger, remote control via IRC channel, update via web jne.
Ilmselt paneb varsti levikuedetabelis kohtasi kinni ... puudu on aint LANi sharede kaudu paljunemine,
mis klezi levikule kõva hüppe andis.

[AsTeR]

mingit muud varianti peale formati pole siis ve.

[escucha]

krt mul tuli ka mingi telneti aken lahti, millesse ilmus kiri: connecting to microsoft....või midagi taolist ja neid aknaid tuli nagu päris palju....enne seda tegi arvuti millegipärast ullult exploreri aknaid lahti mis kamm on olen ma kaa ohver nüüd v
APPI

[escucha]

sry..valehäire...üks vend tegi lolli nalja: www.hot.ee/pirminownage
arvestage restardiga kui seda linki vaatate

[Puravik]

miks ma restarti peaks tegema, käisin lingil, midagi ei juhtunud. igas normaalses arvutis on ju popup-stopper peal

[CoperniK]

Sellepeale,kotkad-nehhui kasutada igasuguseid sharemise progesid nagu kazaa,you never-ever know-mida sitta sa sealt endale tirid.....
Loodan et ei riivanud kedagi sellega

[CoperniK]

[Puravik]

noh, ega see stopper mul enda leiutatud pole, see ikka ühe konkreetse progejupi nimi selline, ei hakka mina teda ümber ristima vt. www.panicware.com